Now, this may not be a complete disaster. NASA designs redundancy into important systems like this. There are two independent electronics systems in HST. This failure was in one, which means that they can switch to other and regain camera operational control… maybe. Side B, as the backup system is called, has never been used, so it’s been sitting up there for 18+ years and never been switched on. It’ll take a few days for NASA engineers to make sure things will work.

If it doesn’t, well then, that’s a sticky wicket indeed. The HST servicing mission was scheduled for launch in two weeks, and that might very well be delayed, maybe as long as many months. It’ll take that long at least to figure out how to fix things on Hubble.

But that’s only if Side B doesn’t work; hopefully it’ll switch on and we’ll have our Grand Dame of orbiting observatories back on the air. So to speak. For the moment, the Shuttle launch is scheduled to go up on time, on October 14.

I recall when I was studying Apollo 13 how awesomely intricate and involved the power-up and power-down sequences are. The true hero of Apollo 13 was the engineer (embarrassingly, I forget the name — the movie mentions him briefly but does not give his role near the justice it deserved) who figured out how to do that in short order — given the radically new hardware configuration after the failure. So this will be a real nail-biter and completely hidden from the public.

As with everyone else, I wish the engineers the best on this and save my anti-NASA complaints for another day.

I look at the timing as a possible good thing. What would have happened if the side A failure was AFTER the repair mission and then we found out that side B doesn’t work. What would have been the chances of getting another shuttle flight to the Hubble. At least now, if they find out side B doesn’t work, they can at least come up with a plan to repair the Hubble, even if that means a delay in the repair flight.

Is there any guarantee as to how long “Side B” will actually work if and when they turn it on? If it’s been sitting for 18 years, there’s a good chance it may only work for a brief time, and then what? They will definitely never return to Hubble to fix that.

This is actually GOOD news folks. The failure would have happened sooner or later; it’s good that it has happened now while there’s still time to update the mission to include the new repairs. Imagine the alternative scenario: the existing mission goes ahead, the astronauts get all the way to Hubble and only then discover that it’s about to fail and they don’t have the equipment/training to repair it.

Now THAT would have been a disaster of the first magnitude, bearing in mind that this next Hubble mission is going to be the last one. I think we should count our lucky stars (as soon as we can see them again anyway!)

Drew and Ken B: In most cases, there is not much point to testing the backup system once it’s up. Say you find out the backup system isn’t working, now what? Switch back to the primary, which is where you were when you started.

Of course with Hubble, you actually can do something about a busted backup, since the observatory is serviceable. So in this case it might have made sense. Except that switching over takes several days of downtime, because you want to do it carefully. So it’s a lot of effort, and a certain amount of risk, and not a lot of benefit. What might have been a good idea would be to add a way to test the redundant side without actually switching over to it. A self-test setup, where it could run a quick test and report the results out through the primary side. I say “might have been a good idea” because it still requires a cross-strap between the sides, and every cross-strap is a potential single-point failure that can take out the whole thing. You’d have to do the analysis to know if it really makes sense.

Anyway, there is at least one possible replacement SI C&DH unit on the ground. It hasn’t been through environmental testing, so there’s some time needed to get it ready, but it is designed for EVA replacement. The EVA timeline is pretty full, so it’ll be tricky to squeeze it in, but the HST development people are pretty damn smart. It includes both primary and redundant sides in one unit, so both would be replaced.

The plan at this instant (according to the press release) is to fly Endeavour (STS-126) as planned in November, and SM4 early next year. I heard February is likely the earliest a launch-on-need shuttle (Discovery, I guess) can be ready, so that’s probably the earliest SM4 could go.

I understand what you are saying, however, if it is important enough to have a backup, then it is also important enough to test that backup in order to make sure it works. To simply leave it idle for 18+ years, well, you may as well have engineered the whole thing with no backup.

I work with critical communication systems for alot of buisness and government offices. If they have a backup, it is tested. Where buisnesses and hospitals etc. have generators, those generators are fired up and brought online.

If you haven’t seen it work, you can’t trust it. If you can’t trust it, it isn’t a backup.

RE: Except that switching over takes several days of downtime, because you want to do it carefully.

Drew, you’re missing the point. What do you do if you test your backup system doesn’t work? Okay, now answer that question again, only this time your backup system is inaccessible. See the difference? If you can’t fix the backup system, there’s no point in testing it.

As I mentioned, in the case of Hubble it’s not quite so clear-cut, because you actually can fix it on the next servicing mission. (And as Phil pointed out, it was tested before launch, when it could be fixed if problems were found.) However, there are still reasons not to make the switch. Switching to the backup side is not risk-free. The spacecraft is a very complex system of systems, and regardless of the cleverness of its designers it is never easy to switch something like that over to the backup side. It takes numerous commands, and there is always the possibility that you send an incorrect command and make things worse. You can mess up the attitude, accidentally point the optics at the sun (in some cases even the bright earth can damage detectors, though I don’t know if that’s true of any HST detectors), blow fuses, etc. Check out the story of the SOHO spacecraft for an example of what can happen if you send an incorrect command.

And as it turns out, things just aren’t as reliable in space. It’s distressingly common for relays to fail in surprising ways. So unless you have a reason to switch to the other side, when a service call costs upward of $500 million, you generally don’t want to risk trying to switch over. Sometimes when you switch, the relay fails and you can’t switch back.

Also, even for Hubble, if you switch, find the backup has failed, and then switch back, you either have to do that test (with the risk of losing the whole shebang) 1-2 years ahead of the next servicing mission, or build and maintain a complete backup unit, which is not cheap. And you have to do that for dozens of units on the spacecraft, since you don’t know what might fail next.

Now me personally, I think many spacecraft managers do err on the side of not doing anything, even when it makes marginal sense from an engineering perspective, but that is not what happened here.

Now hunams may have emotional attachments to things, but I think in this case it might be more logical to work on a new telescope, with improved technology. A new one to replace the Hubble, rather then to keep repairing it.